A Brief on Meltdown & Spectre
March 9, 2018
As 2018 rolled in, it bought along with it – Meltdown & Spectre. Published research revealed that almost every computer chip manufactured in the last 20 yrs contains security flaws with specific variations on those flaws being labeled as Spectre & Meltdown. All of the variants of these vulnerabilities involve a malicious program gaining unauthorized access by exploiting the two important techniques that are used to speed up computer chips namely Speculative Execution and Caching.
Speculative Execution
Here, a chip attempts to predict the future in order to work faster. Here’s a non-technical example to understand it better. If a person visits a restaurant near his home on a regular basis, without missing a single meal and ordering the same meal every time, the staff at the restaurant would get familiar with his habit and ensure that the meal is ready before his arrival. This saves time and prediction has been made. Similarly, if a chip learns that a particular program makes use of the same function frequently, it might use idle time to compute that function even when it hasn’t been asked to do so.
Caching
The purpose of caching is to speed up memory access. The resultant data from the Speculative Execution is often stored in the cache memory. This plays a role in making Speculative Execution a speed booster. Issues surface when Caching & Speculative Execution starts engaging with the Protected Memory. The vulnerabilities essentially help attackers to steal information from the memory that is being shared by other programs/OS in order to launch malicious malware attacks. If your system is affected, the attacker can read the memory content of your computer. This may easily include passwords and other user-sensitive data stored on your system.
The vulnerabilities have been discovered fairly recently and no known exploits have been created to exploit them yet, hence researchers have labeled it as a ‘low’ impact vulnerability for now (Although researchers have created proof of concepts of the possible exploits). However, we must ensure that all the appropriate defenses are in place to counter the exploits when they do show themselves in the near future.
Users can equip themselves against the vulnerabilities in the following manner:
Every individual needs to make sure that their devices are replaced in a timely fashion. Updates for both hardware and software must be religiously implemented.
Intel says that the highest threat from this vulnerability exists for users who are using old PCs. The company urges people to first update their operating systems, browsers, and other software to arm their systems with the weapons that will be needed to defend against future threats. Intel also suggests users replace their processors and motherboards if possible. The last suggestion given by them is to replace the entire device entirely with an updated one. The Meltdown & Spectre vulnerabilities were caused because of how today’s most modern processors work – by using risky and stone-age instructions for execution. According to reports, not all processors from Intel, AMD, IBM, ARM, etc are affected. But Intel seems to be the most affected by it.
Many users reported that they were facing issues like repeated reboots and other ‘unpredictable’ system behaviors on their affected computers after installing the patches released by Intel to help in defending against the Meltdown/Spectre vulnerabilities. It’s hence advisable to stop implementing the patches until a stable solution has been released by Intel.
Protect Your Business from Such Risks
Indusface’s SaaS Infra protected our customers. AWS Hypervisor was also patched, and OS-level vulnerability couldn’t be exploited as it would require administrative rights which is available only for the trusted user and is strictly governed.
However, with increasing cybersecurity risks companies should be monitoring all kinds of risks to their business. Indusface’s AppTrana helps you identify vulnerabilities in web applications and APIs also protect against the attack vectors.
